From: "Vladimir Z. Nuri" <vznuri@netcom.com>
... I feel that cpunks are equally guilty, by branding anything that emanates out of the government as inherently orwellian. do you always have to have an enemy? is the government always going to be your enemy, no matter what they do?
Actually, the government encourages this view by lying. We can get into the many examples on encryption and wire taps, but if the TLAs keep using lies and PR instead of honesty and facts, then no one will accept anything they propose as-is. There will always be some suspicion of hidden agendas. And really, the agenda is obvious, but they have always refused to acknowledge the full extent of it, probably because it would forever damage their credibility. At least right now, Freeh has done enough PR (paid by your generous tax dollars) to make him look like a good guy. Janet Reno already looks innocent enough (hey, who could criticize someone who might look like your grandmother?) ... The PR concepts are all there, deliberately or accidentally.
I have posted here before that many companies find the concept of "key recovery" highly acceptable and even desirable.
Let them buy it. There are companies already making products with key recovery. But remember that key recovery are mostly useful to corporations, so it will be billed as the "professional" version (in off-the-shelf PC-class software) and also be pushed through the IS consulting channels. None of that really addresses E-Mail, I-phone, etc for the rest of us.
2. those who feel that there is such a thing as a legal warrant or subpoena for information protected by cryptography keys, and would agree that this logically means that governments will be getting access to "key recovery" infrastructures.
I agree that there is a legitimate interest by legitimate law enforcement and national security interests. But ... 1. If it's so darn easy to get non-GAK encryption, why dumb it down for the rest of us? (Really, I just don't buy the "no plans for domestic regulations" bit. Plenty of current and ex-executive branchies have admitted as much in private.) 2. The Orwellian possibilities are definitely there. I simply will not let the government have drift-net-fishing rights on the NII. Sorry. I'll let them tap one-sie two-sie's, and I want the process to guarantee by functional design (not legal constraints) that it's expensive to tap more than a few at a time.
personally I am leaning toward 2, because I feel that we already live in such a society, and that it is not orwellian.
That was true because it was too darn expensive. Hey, at $50K per tap, I would be really selective about spending my hard-lobbied wire tap budget. If I can just push a button, I will be far less selective. (oh ... and make sure I ask real nicely later in front of the judge ... maybe ... if I have time ... too busy catching terrorists and child molesters, y'know) I'm not as worried about the indiscriminant tapping ordered by "good" FBI directors; I'm worried about the tapping by the bad ones. There is ZERO detectability if the FBI gets everything they want. There is not a chance of being accidentally discovered by a phone company employee or a wandering by-stander. That lack of check-and-balance is what I am completely against. I don't mind letting them have the technology if I can be sure it will 1) work and 2) minimize abuse.
the recipe for 200+ years has always been and remains "eternal vigilance". in other words, I am in favor of some kind of mechanism by which the government can obtain keys via subpoenas/warrants.
Ok. So every corporation (big and small) now must have a Chief Law Enforcement Relations Officer (CLERO) if they build encryption into their products? Every software engineering consultant has to jump through hoops to export their product? Sorry. If the software engineering industry were just big mammoth corporations, I wouldn't care. But it could just be me and my home office. I cannot afford to fly to D.C. to amuse some panel at the D.o.C. with my stupid key-recovery tricks. No. This plan completely discriminates against small players, and there are a lot of them. Finally, writing software is an art. It is not purely art, but it certainly is an art, which I believe falls fully under free expression and the First Amendment. The work of art is not functional until someone compiles it and run it on a machine. So regulating anything before the actual execution is definitely a violation of the First Amendment. I don't have time to deal with privacy but as soon as it starts executing, it becomes an instrument of privacy so regulating that is also against my basic beliefs, not to mention my engineering sense of practicality.
those who continue to pursue (1) are going to be perceived as more and more radical and extremist, because arguably it is not even a system we have today or one that was ever devised.
Good point. If we are not careful, we could get bad PR. But then, I've been trying to argue that use of words like "anarchy" is against good PR principles anyway. I don't think cypherpunks have such pristine reputations that we must tread carefully for fear of damaging our "reputation". In fact, I don't think we even have one. That is, in some ways, worse than having one at all.
regarding (2): the government may actually help bring crypto to the masses via the post office and other routes. are cpunks going to continue to hold the simplistic, reactionary, knee-jerk, black-and-white opinion that "anything with the word 'government' in it is evil"? "if the government is doing something, then we must sabotage it"?
I think you are making the obvious mistake that many people make about similar groups, such as Libertarians. When someone says you should be able to freely choose, that is all that they are saying. They are not saying that someone else may not make a system that is not ideal, but does provide many other value-added benefits. Ern